On Tue, Oct 10, 2023 at 10:28:37PM +0000, Andrew Chow via bitcoin-dev wrote: > I've written up a BIP draft for MuSig2 PSBT fields. It can be viewed at > https://github.com/achow101/bips/blob/musig2-psbt/bip-musig2-psbt.mediawiki.
I was hoping to see adaptor signature support in this; but it seems that's also missing from BIP 327? Though libsecp256k1-zkp has implemented it: https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/include/secp256k1_musig.h (adaptor arg to process_nonce; adapt, and extract_adaptor functions) https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/src/modules/musig/musig.md#atomic-swaps I would have expected the change here to support this to be: * an additional field to specify the adaptor, PSBT_IN_MUSIG2_PUB_ADAPTOR (optional, 33B compressed pubkey, 32B-hash-or-omitted), that signers have to take into account * an additional field to specify the adaptor secret, PSBT_IN_MUSIG2_PRIV_ADAPTOR (32B), added by a Signer role * PartialSigAgg should check if PUB_ADAPTOR is present, and if so, incorporate the value from PSBT_IN_MUSIG2_PRIV_ADAPTOR, failing if that isn't present (Note that when using adaptor signatures, signers who don't know the adaptor secret will want to ensure that the partial signatures provided by signers who do/might know the secret are valid. But that depends on the protocol, and isn't something that can be automated at the PSBT level, I think) Seems like it would be nice to have that specified asap, so that it can be supported by all signers? FWIW, "participant" is typoed a bunch ("particpant") and the tables are hard to read: you might consider putting the description as a separate row? eg: https://github.com/ajtowns/bips/blob/202310-table/bip-musig2-psbt.mediawiki Cheers, aj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
